Package: nova
Version: 2012.1.1-13
Severity: important
Tags: security

Hi,

the following vulnerability was published for nova.

CVE-2013-0335[0]:
VNC proxy can connect to the wrong VM

See also the announcement[1].

Patches for folsom are available[2].

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] http://security-tracker.debian.org/tracker/CVE-2013-0335
[1] http://marc.info/?l=oss-security&m=136190371727273&w=2
[2] https://review.openstack.org/#/c/22758/

At first glance it looks nova in testing/unstable and also
experimental are affected, could you please double-check?

Could you prepare a fixed pckage for unstable only containing the
needed change and contact the release team?

I have choosen severity important here. If I understand the issue
correctly, it would be possible for a user accessing a VM he does not
own.

Regards,
Salvatore


-- 
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Reply via email to